v1.8.0 - OAuth Auth Context + Three-Layer Middleware

@github-actions github-actions released this 11 Oct 03:24
· 118 commits to main since this release

🎉 v1.8.0 - OAuth Auth Context & Complete Middleware Architecture

🔐 BREAKING CHANGE: OAuth Auth Context Pass-Through

This release completes the production-ready OAuth authentication flow with full token pass-through from transport layer to tool execution.

✨ What's New

🎯 Production-Ready OAuth Flow:

  • ✅ New Parameter: ProtocolHandler::handle_request() now accepts auth_context: Option<AuthContext>
  • ✅ Transport Integration: StreamableHttpServer extracts and validates OAuth from Authorization headers
  • ✅ Middleware Pattern: Tool middleware can inject tokens into RequestHandlerExtra metadata
  • ✅ DRY Tools: No repetitive auth code - tools consume tokens from metadata
  • ✅ Fine-Grained Access: ToolAuthorizer trait for per-tool authorization

πŸ—οΈ Three-Layer Middleware Architecture:

  • πŸ”Ή HTTP Layer (ServerHttpMiddleware) - Transport-level processing
  • πŸ”Ή Protocol Layer (EnhancedMiddleware) - JSON-RPC message processing
  • πŸ”Ή Tool Layer (ToolMiddleware) - Tool execution processing
  • Full auth context pass-through across all layers

📚 New Examples & Tests

  • Example 58: Complete OAuth flow from transport → middleware → tools
  • Example 55: Server HTTP middleware demonstration
  • Integration Tests: tests/auth_context_integration_test.rs with 3 scenarios
    • Auth context flows from transport to tools
    • Missing auth context fails in tool
    • Invalid token rejected at transport

⚠️ Migration Required

All ProtocolHandler::handle_request() calls must now include the auth_context parameter:

// Update existing calls - add None for no authentication:
server.handle_request(id, request, None).await

// In transport layer (e.g., HTTP handlers):
let auth_context = auth_provider.validate_request(auth_header).await?;
server.handle_request(id, request, auth_context).await

Affected Files:

  • All transport adapters (StdioAdapter, HttpAdapter, WebSocketAdapter)
  • Custom ProtocolHandler implementations
  • Test code calling handle_request()
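
The three integration-test scenarios and the `None` migration path can be modelled in a few lines. This is an added example, not the project's own code: the types only borrow the names used in these notes, and the token table, the `tool:<name>` scope convention and the `serve` helper are assumptions made for illustration.

```rust
// Stand-alone model of the auth-context pass-through. Every type here is
// hypothetical and only mirrors names used in the release notes.
#[derive(Debug, Clone, PartialEq)]
pub struct AuthContext { pub subject: String, pub scopes: Vec<String>, pub token: String }

#[derive(Debug, PartialEq)]
pub enum Error { InvalidToken, Unauthenticated, Forbidden }

// Transport layer: no header -> Ok(None); malformed or unknown token -> Err.
// The CONSTRUCTED token table stands in for real OAuth validation.
pub fn validate_request(auth_header: Option<&str>) -> Result<Option<AuthContext>, Error> {
    let Some(header) = auth_header else { return Ok(None) };
    let token = header.strip_prefix("Bearer ").ok_or(Error::InvalidToken)?;
    match token {
        "tok-alice" => Ok(Some(AuthContext {
            subject: "alice".into(),
            scopes: vec!["tool:weather".into()],
            token: token.into(),
        })),
        _ => Err(Error::InvalidToken),
    }
}

// Tool layer: per-tool authorization that fails closed when the context is None.
pub fn authorize_tool<'a>(tool: &str, auth: Option<&'a AuthContext>) -> Result<&'a AuthContext, Error> {
    let ctx = auth.ok_or(Error::Unauthenticated)?;
    let needed = format!("tool:{tool}");
    if ctx.scopes.iter().any(|s| s == &needed) { Ok(ctx) } else { Err(Error::Forbidden) }
}

// Protocol-layer stand-in: takes the context from the transport and hands it to the
// tool layer; the tool reads the token from the context instead of re-parsing headers.
pub fn handle_request(tool: &str, auth_context: Option<AuthContext>) -> Result<String, Error> {
    let ctx = authorize_tool(tool, auth_context.as_ref())?;
    Ok(format!("{tool} ran for {} (token: {} bytes)", ctx.subject, ctx.token.len()))
}

// End to end: a bad token is rejected before any tool code runs.
pub fn serve(tool: &str, auth_header: Option<&str>) -> Result<String, Error> {
    let auth_context = validate_request(auth_header)?;
    handle_request(tool, auth_context)
}

fn main() {
    for (tool, hdr) in [("weather", Some("Bearer tok-alice")), ("weather", None),
                        ("weather", Some("Bearer forged")), ("admin", Some("Bearer tok-alice"))] {
        println!("{tool:8} {hdr:?} -> {:?}", serve(tool, hdr));
    }
}
```

Passing `None` keeps a call site compiling after the migration, so a tool that needs a user identity has to reject `None` itself, as `authorize_tool` does here.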

🔨 Technical Details

Core Changes:

  • src/server/core.rs: Added auth_context parameter to ProtocolHandler trait
  • src/server/mod.rs: Updated Server wrapper with auth validation
  • src/server/streamable_http_server.rs: OAuth extraction and validation
  • src/server/adapters.rs: Updated all transport adapters

Quality Assurance:

  • ✅ Zero clippy warnings
  • ✅ All 439+ tests passing
  • ✅ Integration tests for complete OAuth flow
  • ✅ Example code demonstrates best practices
  • ✅ Cognitive complexity reduced (≤25 per function)

🎯 Use Cases Enabled

  1. Multi-tenant SaaS: Each tool call includes user context
  2. Backend API Integration: Tools authenticate with third-party APIs using user tokens
  3. Fine-grained Authorization: Per-user, per-tool access control
  4. Audit Logging: Track which user called which tool with what token

📖 Documentation

  • README updated with v1.8.0 migration guide
  • All examples updated to pass auth_context
  • API docs include auth_context usage patterns

Full Changelog: v1.7.0...v1.8.0

Contributors: @guyernest

Quality Gates: ✅ All passing (formatting, clippy, tests, benchmarks)